DFIRKuiper / Kuiper

Digital Forensics Investigation Platform

SIGMA RULES #17

Closed jmmalcala closed 4 years ago

jmmalcala commented 4 years ago

Is there any way to upload Sigma rules to Kuiper?

Thank you

salehmuhaysin commented 4 years ago

Hi, unfortunately no. The reason is that Sigma rules are written based on different data sources, and the field names depend on them, so if you take the existing rules and want to apply them to Kuiper, the fields and data format will be different.

Note: you could write your Sigma rules based on the Kuiper data format and fields, then use the Sigma engine to convert the rules to an Elasticsearch query string, then add it as a rule in Kuiper (using "Simple Search" to write your Elasticsearch query string).
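The workflow described in the comment above, as an added example (not code from Kuiper or the Sigma project): a small Sigma-to-Elasticsearch query_string converter whose first job is to rewrite the rule's field names through an explicit map. Every Kuiper-side field name used here (data.Image, data.CommandLine, data.ParentImage, data.EventID) is an assumption for illustration, not Kuiper's real schema, and the rule itself is constructed; the real Sigma tooling (sigmac / pySigma with an Elasticsearch backend) does the same job with a processing pipeline instead of the FIELD_MAP dict.

```python
"""Added example, not code from Kuiper or the Sigma project: a minimal
Sigma -> Elasticsearch query_string converter that rewrites field names
through an explicit map, the step a public rule needs before it fits
Kuiper's data. All Kuiper-side field names here (data.Image,
data.CommandLine, ...) are assumptions for illustration, not Kuiper's
real schema.
"""
import re

# Assumed mapping: field names a Windows process_creation rule uses on
# the left, the field names you observe in Kuiper on the right.
FIELD_MAP = {
    "Image": "data.Image",
    "CommandLine": "data.CommandLine",
    "ParentImage": "data.ParentImage",
    "EventID": "data.EventID",
}

# Constructed rule, in the shape yaml.safe_load would give for a Sigma
# rule file (a dict is used so this runs without PyYAML).
RULE = {
    "title": "Encoded PowerShell command line (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand "],
        },
        "filter": {"ParentImage|endswith": "\\MonitoringHost.exe"},
        "condition": "selection and not filter",
    },
}

# Characters Lucene's query_string parser treats as syntax; they (and
# spaces) are backslash-escaped so values match literally.
_LUCENE_SPECIAL = re.compile(r'([+\-=&|><!(){}\[\]^"~*?:\\/ ])')


def lucene_escape(value):
    return _LUCENE_SPECIAL.sub(r"\\\1", str(value))


def render_value(value, modifier):
    # Sigma string modifiers become Lucene wildcards around the escaped value.
    escaped = lucene_escape(value)
    if modifier == "contains":
        return f"*{escaped}*"
    if modifier == "startswith":
        return f"{escaped}*"
    if modifier == "endswith":
        return f"*{escaped}"
    if modifier is None:
        return escaped
    raise ValueError(f"unsupported modifier: {modifier}")


def split_key(key):
    # "Image|endswith" -> ("Image", "endswith"); "EventID" -> ("EventID", None)
    name, _, modifier = key.partition("|")
    return name, modifier or None


def unmapped_fields(rule):
    """Fields the rule uses that have no Kuiper-side name in FIELD_MAP.
    A non-empty result means the rule cannot be applied as written."""
    fields = set()
    for name, block in rule["detection"].items():
        if name == "condition":
            continue
        for key in block:
            fields.add(split_key(key)[0])
    return fields - set(FIELD_MAP)


def render_block(block):
    clauses = []
    for key, values in block.items():
        name, modifier = split_key(key)
        field = FIELD_MAP[name]
        if not isinstance(values, list):
            values = [values]
        terms = [f"{field}:{render_value(v, modifier)}" for v in values]
        # A list of values in Sigma is an OR; separate keys are an AND.
        clauses.append(terms[0] if len(terms) == 1 else "(" + " OR ".join(terms) + ")")
    return " AND ".join(clauses)


def convert(rule):
    """Render the rule's condition as one Lucene query_string."""
    missing = unmapped_fields(rule)
    if missing:
        raise KeyError(f"no Kuiper field mapping for: {sorted(missing)}")
    detection = rule["detection"]
    out = []
    # Supports the plain boolean subset of conditions: names, and/or/not, parentheses.
    for tok in re.findall(r"\(|\)|[^\s()]+", detection["condition"]):
        if tok in ("and", "or", "not"):
            out.append(tok.upper())
        elif tok in ("(", ")"):
            out.append(tok)
        elif tok in detection:
            out.append("(" + render_block(detection[tok]) + ")")
        else:
            raise ValueError(f"unsupported condition token: {tok}")
    return " ".join(out)


if __name__ == "__main__":
    print(convert(RULE))
```

Two checks worth making before trusting the output in Kuiper: `unmapped_fields` catches a rule that references a field the artifact does not carry at all (the converted query would silently match nothing), and the Sigma specification treats string matching as case-insensitive while a Lucene wildcard on a keyword field is case-sensitive, so verify the field type in the index for any rule that depends on case.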

jmmalcala commented 4 years ago

Thank you so much.

Congrats for Kuiper :-)

On Tue, 27 Oct 2020 at 11:42, saleh muhaysin (notifications@github.com) wrote:
